<?php
/**
 * @author Andrew Willmott <andrew.willmott@omni-fi.net>
 * @copyright Copyright (c) 2011, Andrew Willmott
 * @license http://www.opensource.org/licenses/mit-license.php MIT Licence
 * @version 1.0
 *
 * This page includes all the functions for signing up for a bank account
 */
require('functions.inc.php');

if (array_key_exists('username', $_POST)){
	//The user has posted something so we can process it
	processSignup($_POST['username'], $_POST['password']);
}
else {
	//The user has not posted anything so give them the signup form
	displaySignup();
}


/**
 * This function displays the form asking the user to submit their details
 */
function displaySignup(){
	htmlHeader("Signup");
	echo "</head>\n<body>\n\t<h1>Signup</h1>\n";
	echo "\t<form action='signup.php' method='POST'>\n";
	echo "\t\t<p>Please fill in the following details: <br />\n";
	echo "\t\tThe username you would like<input type='text' name='username' />\n";
	echo "\t\tThe password you would like<input type='password' name='password' />\n";
	
	if ($recaptchaPublic != NULL){
		//The user wishes to display a CAPTCHA
		echo "\t\t<p>Please enter the words below into the box</p>\n";
		require_once('recaptchalib.php');
		echo recaptcha_get_html($GLOABLS['recaptchaPublic']);
	}
	
	
	echo "\n\t\t<input type='submit' value='Signup' />\n";
	echo "\t\t</p>\n\t</form>\n</body\n</html>";
}

function processSignup($username, $password){
	//Validate the reCAPTCHA
	
	if ($GLOBALS['recaptchaPrivate'] != NULL){
		require_once('recaptchalib.php');
		$privatekey = "6LdQ4r8SAAAAAN-v2Ax_4CN1iu6VcUEBa1ZQlkga";
		$resp = recaptcha_check_answer ($GLOBALS['recaptchaPrivate'],
					$_SERVER["REMOTE_ADDR"],
					$_POST["recaptcha_challenge_field"],
					$_POST["recaptcha_response_field"]);
		if (!$resp->is_valid) {
			// What happens when the CAPTCHA was entered incorrectly
			die('Recapture not entered correctly');
		}
	}
	else {
		//No need to verify the CAPCHA
	}
	//Check the user does not already exist in the database
	//Add the user to the database
	$dbh = dbWriteConnection();
	$dbh->beginTransaction();
	//See if the user already exists
	$stmt = $dbh->prepare("SELECT user_account_id FROM user_accounts WHERE user_account_name = :username");
	$stmt->bindValue(':username', $username, PDO::PARAM_STR);
	$stmt->execute() or die('Not able to check for existing username');
	if ($stmt->rowCount() > 0){
		//There is already a user account with this username
		die("Username already in use");
	}
	else {
		//Continue execution
	}
	
	//Generate a salt for the username
	$salt = mt_rand(0, 2147483640);
	$password = hash('sha256', "$password $salt $username");
	
	$stmt = $dbh->prepare("INSERT INTO user_accounts (user_account_name,user_account_password, user_account_salt) 
				VALUES (:username, :password, :salt)");
	$stmt->bindValue(':username', $username, PDO::PARAM_STR);
	$stmt->bindValue(':password', $password, PDO::PARAM_STR);
	$stmt->bindValue(':salt', $salt, PDO::PARAM_INT);
	if(!$stmt->execute()){
		echo "Not able to add username $username with password $password" . print_r($dbh->errorInfo());
		$dbh->rollBack();
		exit();
	}
	else {
		$dbh->commit();
	}
	htmlHeader("Signup");
	echo "</head>\n<body>\n\t<h1>Account Created</h1>\n";
	echo "\t<p>Your account has been created, click <a href='login.php'>here to login</a>.</p>\n";
	echo "</body\n</html>";
}

?>